Security Control Assessor

The Security Assurance team is tasked with enterprise-wide security assessments to baseline organizational assets, critical information systems, emerging technologies and remediation plans. The candidate will analyze assessment efforts to provide management with a complete view of known vulnerabilities and associated risks. The scope of assessment includes, but is not limited to: a detailed report of all findings or gaps associated with one or more systems, and the beginning of defining the POA&M and Security Assessment Report (SAR) deliverables.

Required:

3-5 years’ experience with Security Testing and Evaluation
Must have the ability to perform web application testing, test a system based on a set of controls, and document the outcome of each control
Experience with the following frameworks and standards: ISO 27002, NIST SP 800-37, 800-39, 800-53 rev4, and other 800 series standards; policies and procedures; and vulnerability and risk assessment processes and procedures.
Experience with penetration testing, network mapping and vulnerability management tools.
Experience in the generation of management reports and technical remediation plans to address infrastructure concerns.

Experience using tools such as:

Acunetix
ZAP
Fiddler
Burp Suite
Nessus
IP360
Tripwire CCM

Ability to review technical and operational controls and evaluate the effectiveness of the controls
Ability to effectively communicate technical details in business language
Ability to handle multiple projects in a fluid process
Must be able to speak to a methodology for defining the likelihood of a vulnerability being leveraged to cause harm and how it could impact the business